[{"data":1,"prerenderedAt":30},["ShallowReactive",2],{"nr-en-grok-build-xai-datenleck-unverschluesselt":3},{"slug":4,"title":5,"dek":6,"date":7,"time":8,"publishedAt":9,"updated":10,"updatedAt":10,"dateFmt":11,"updatedFmt":10,"kind":12,"tier":13,"author":14,"authorName":15,"topics":16,"tracker":22,"trackerLabel":23,"headlineStat":24,"image":25,"ogImage":26,"imageAlt":5,"csv":10,"minutes":27,"words":28,"html":29},"grok-build-xai-datenleck-unverschluesselt","Grok Build: xAI's Coding Tool Transmitted User Data Without Redaction","Security researchers at Cereblab have proven that Elon Musk's AI coding assistant sent API keys, passwords, and entire Git repositories to xAI servers without redaction or filtering.","2026-07-13","10:20","2026-07-13T10:20:00+02:00","","July 13, 2026","news","standard","ideal-syka","Ideal Syka",[17,18,19,20,21],"AI Security","Data Protection","xAI","Enterprise Tools","Grok Build","\u002Fki-status","AI Security Incidents","5.10 GiB unintentionally transmitted instead of 192 KiB needed","\u002Fnewsroom\u002Fimg\u002Fgrok-build-xai-datenleck-unverschluesselt.webp","\u002Fog-nr\u002Fgrok-build-xai-datenleck-unverschluesselt.en.png",2,495,"\u003Cp>The security firm \u003Cstrong>Cereblab\u003C\u002Fstrong> has uncovered a significant data protection vulnerability in \u003Cstrong>Grok Build\u003C\u002Fstrong>, the coding assistant from xAI (formerly SpaceX AI). Analysis of network traffic from Grok Build version 0.2.93 reveals: the tool transmitted \u003Cstrong>API keys, database passwords, and authentication data unprocessed\u003C\u002Fstrong> to xAI&#39;s servers – without masking or filtering them.\u003C\u002Fp>\n\u003Ch2>Key Facts\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cstrong>Grok Build uploaded entire Git repositories\u003C\u002Fstrong>, including files the AI model never read\u003C\u002Fli>\n\u003Cli>In a test with an \u003Cstrong>11.2 GiB repository\u003C\u002Fstrong>, \u003Cstrong>at least 5.10 GiB\u003C\u002Fstrong> were transmitted, even though the model only needed \u003Cstrong>192 KiB\u003C\u002Fstrong> for inference\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API keys and passwords\u003C\u002Fstrong> appeared without redaction in inference communications and session logs\u003C\u002Fli>\n\u003Cli>Data was stored in a Google Cloud Storage bucket named \u003Cstrong>&#39;grok-code-session-traces&#39;\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>What Grok Build Actually Sends\u003C\u002Fh2>\n\u003Cp>Grok Build is an AI agent that analyzes source code and provides program descriptions and bug fixes. For cloud-based code assistants, it&#39;s technically standard to transmit portions of code to servers – this is necessary for operation. The problem arises when transmission occurs without proper controls.\u003C\u002Fp>\n\u003Cp>Cereblab simulated real authentication data using tracking data and logged communications. The results are alarming: not only data that Grok actually analyzed was sent. The tool also uploaded a \u003Cstrong>&quot;Git bundle&quot;\u003C\u002Fstrong> – the complete Git repository including full commit history – even when users explicitly instructed: &quot;Just say OK without reading the files.&quot;\u003C\u002Fp>\n\u003Ch2>The Data Volume Discrepancy\u003C\u002Fh2>\n\u003Cp>The numbers tell a clear story:\u003C\u002Fp>\n\u003Cdiv class=\"tbl-scroll\">\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Metric\u003C\u002Fth>\n\u003Cth>Value\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Test repository size\u003C\u002Ftd>\n\u003Ctd>11.2 GiB\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Data actually transmitted\u003C\u002Ftd>\n\u003Ctd>at least 5.10 GiB\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Data needed for AI inference\u003C\u002Ftd>\n\u003Ctd>192 KiB\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Ratio: Transmitted to Needed\u003C\u002Ftd>\n\u003Ctd>~26,500:1\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\u003C\u002Fdiv>\n\u003Cp>This means: Grok sent a \u003Cstrong>multiple\u003C\u002Fstrong> of what the model needed for analysis. Particularly critical: even when users disabled the &quot;Use for model improvement&quot; setting, this \u003Cstrong>did not stop\u003C\u002Fstrong> repository uploads.\u003C\u002Fp>\n\u003Ch2>What This Means for You\u003C\u002Fh2>\n\u003Cp>If you&#39;ve already used Grok Build, you should review your repositories. Did they contain API keys, access tokens, database passwords, or other credentials? If so: \u003Cstrong>These must be revoked or regenerated immediately.\u003C\u002Fstrong> The data may be stored in xAI&#39;s cloud infrastructure.\u003C\u002Fp>\n\u003Cp>Those planning to use Grok Build in the future should \u003Cstrong>implement security measures\u003C\u002Fstrong>: prepare working repositories without sensitive data, remove credentials from Git management, and instead pass them as environment variables through secrets management services.\u003C\u002Fp>\n\u003Ch2>Implications: What This Means for Enterprise Users\u003C\u002Fh2>\n\u003Cp>For German companies evaluating AI coding tools, this vulnerability is an important warning signal. It demonstrates that the mere existence of a &quot;privacy setting&quot; does not guarantee that sensitive data won&#39;t be transmitted. Before selecting an AI assistant, decision-makers should clarify: What data is actually sent? Are there independent security audits? Where is data stored? Grok Build shows that even established providers – xAI is backed by Elon Musk – don&#39;t automatically meet data protection standards.\u003C\u002Fp>\n\u003Ch2>Sources\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgigazine.net\u002Fgsc_news\u002Fen\u002F20260713-grok-build-sending-data\u002F\">GIGAZINE\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Editorially owned by \u003Ca href=\"\u002Fen\u002Fautor\u002Fideal-syka\">Ideal Syka\u003C\u002Fa>. Sources and method: \u003Ca href=\"\u002Fen\u002Fredaktion\">Newsroom &amp; method\u003C\u002Fa>. Tips and corrections: \u003Ca href=\"mailto:ai@i6eal.de\">ai@i6eal.de\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n",1783930981051]